EIDF is managed in the same way as our other national services and systems at EPCC, all of which follow standard computer security practices and are covered by our ISO 9001 accreditation for service quality and ISO 27001 accreditation for information security management.
Everyday access and use
All users are associated with one or more projects. Projects are approved in various ways but are championed by a Principal Investigator (PI), who authorises all new users on their projects and is accountable for the project team’s “good behaviour”. PIs often delegate responsibility for day-to-day tasks such as adding users or managing resources to a Project Manager.
A common part of project approval is a check on data usage. Data hosted in the EIDF Data Lake are tagged according to sensitivity and access is managed accordingly. Data brought into private workspaces in EIDF as part of a project get a similar check. Where data are sensitive in some way (for example data under copyright, or de-identified personal data), project PIs must be able to show they have the necessary legal and ethical permissions and data usage agreements in place before the project may go ahead.
On the Data Service Cloud, projects are assigned their own private cloud space, depending on the resources they need. This can be anything from a single Python notebook to a small GPU-enabled cluster. Day-to-day access and security follow standard computer security procedures of strong passwords and access control.
Shared data presented to users in the Analytics-Ready Data Layer is read-only and cannot be changed from the Data Service Cloud.
Data stored in the Data Lake are not directly accessible by users of the Data Service Cloud at all.